added new DC and transferred FSMO roles

Posted on 2014-09-15
Last Modified: 2014-10-07
I recently added a new DC.  Once added and verified that DNS replicated I transferred the FSMO roles.  I did this so I could migrate the old DC to new hardware.  I'm getting the below error.

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          9/14/2014 3:57:10 AM
Event ID:      2092
Task Category: Replication
Level:         Warning
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      myDCname.domain.local

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=mydomain,DC=local
Question by:gopher_49
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
LVL 29

Expert Comment

ID: 40323470
Follow the instructions here to SEIZE the schema role and then run a netdom query to validate:
netdom query FSMO

Once you have the roles moved and you validate AD replication is as expected, I suggest you demote the old DC and do a metadata cleanup.
LVL 17

Expert Comment

by:Emmanuel Adebayo
ID: 40323480
How did you transfer the roles? Did you size the role after transfer?

At the command prompt on the server enter
netdom query FSMO
This will list the FSMO roles on the server, size the the missing role(s) by using "Ntdsutil"

Also, check this MS KB


Author Comment

ID: 40323494
I want to keep the old DC.  I just needed to migrate the VM to different hardware and it was my only DC.  So.  I added a new DC and then transferred the roles.  I then powered off the old DC and migrated that VM and powered it back on.

When running the fsmo query it shows my new dc to have the roles.  I did not seize  the schema role prior to running the command.
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

LVL 35

Expert Comment

by:Seth Simmons
ID: 40323585
When running the fsmo query it shows my new dc to have the roles.

which one did you run that on?  run on both and see if the results on both are accurate

Author Comment

ID: 40323754
Okay.  Ill run it on both and will report back shortly.

Author Comment

ID: 40325739
I ran the command on both DC's and the results where the same.  It was successful and shows the new DC to be the role holder for all roles.  The error posted at the top of the post was from a few days ago.  Nothing has changed except for online defrags finishing successfully.
LVL 35

Accepted Solution

Seth Simmons earned 500 total points
ID: 40332604
if that error hasn't appeared since, i would say it was a transient error from when the fsmo roles were transferred and you won't be seeing it again since there have been no other messages and dcdiag is good on both systems since

often times when roles change, services are restarted, etc. transient messages like that will appear once in the beginning then go away

Author Comment

ID: 40332660
okay..  I'll watch the event logs over the next few days to assure it's okay and will update everyone.
LVL 29

Expert Comment

ID: 40332683
This has been seen in some instances where replication had not caught up. It might have just been the case here, since it has nit repeated since.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question